From 02235af24dc4ffbd82bcc39fe4bd2a1bffd07ff4 Mon Sep 17 00:00:00 2001 From: Alex Corcoles Date: Sat, 25 Mar 2023 18:07:54 +0100 Subject: [PATCH] Document Talos role --- .../playbooks/roles/talos/README.md | 51 ++++++++++++++++++- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/personal_infra/playbooks/roles/talos/README.md b/personal_infra/playbooks/roles/talos/README.md index 6c45f99..c5c3559 100644 --- a/personal_infra/playbooks/roles/talos/README.md +++ b/personal_infra/playbooks/roles/talos/README.md @@ -1,4 +1,51 @@ +# Talos Ansible role + +This role helps provision Talos clusters using Ansible. +Currently, this role only supports VMs on Proxmox and single node clusters. + +## Variables + +### Host variables + ``` -$ talosctl gen secrets -o talos/$cluster-secrets.yaml -$ ansible-vault encrypt talos/$cluster-secrets.yaml +proxmox: + id: 123 + host: inventory_name_of_proxmox_host + cores: n + memory: in MB + disk: in GB +network: + ip: x.y.z.t +talos_host: + talos_cluster: cluster_name + install_disk: /dev/vda ``` + +### Group variables + +``` +talos_clusters: + cluster_name: # you can have multiple clusters + endpoint: https://host_name:6443 +``` + +## Talos configuration + +Only the Talos secret for the cluster must be stored in version control. +You must create the secret and vault it: + +``` +$ talosctl gen secrets -o talos/${cluster_name}-secrets.yaml +$ ansible-vault encrypt talos/${cluster_name}-secrets.yaml +``` + +## Role + +With the above configuration, the role will: + +* Create the VM in Proxmox. +Until Talos includes https://github.com/siderolabs/talos/pull/5897 , [the playbook fishes the IP from the dnsmasq Proxmox instance](tasks/proxmox.yml#L13) by using [this script](files/get-ip). +* Sets up Talos. +* Fetches the kubeconfig. +* Deploys kustomizations in `k8s/base`. +See [my kustomizations](../../../k8s/base/). -- 2.47.3
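Review bot: In the "Talos configuration" section, the `talosctl gen secrets` / `ansible-vault encrypt` sequence leaves a plaintext `talos/${cluster_name}-secrets.yaml` inside the repository tree between the two commands, and the README gives no check to run before committing. Suggest adding a sentence that tells the reader to confirm the file begins with the `$ANSIBLE_VAULT` header before `git add`, and that says where the vault password is expected to come from. The sentence "Only the Talos secret for the cluster must be stored in version control" is ambiguous; something like "The only Talos file that must be stored in version control is the cluster secret" says what is meant. Under "Role", "Fetches the kubeconfig" should state where the kubeconfig is written, since it is a cluster credential and should not land in a tracked path. The bullet verbs are also inconsistent ("Create" against "Sets up", "Fetches", "Deploys"), and the example blocks for host and group variables would benefit from a `yaml` fence tag.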